package com.hcc.security.config;

import com.hcc.security.handler.MyAuthenctiationSuccessHandler;
import com.hcc.security.service.serviceImpl.MyAccessDecisionManager;
import com.hcc.security.service.serviceImpl.MyFilterSecurityInterceptor;
import com.hcc.security.service.serviceImpl.MyPersistentTokenRepository;
import com.hcc.security.service.serviceImpl.SecurityServiceImpl;
import com.hcc.security.util.MD5Util;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;


/**
 * @Author: HC
 * @Date: 2019/4/19 17:10
 * @Version 1.0
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  //自定义决策管理器
  @Autowired
  private MyAccessDecisionManager accessDecisionManager;
  @Autowired
  private MyPersistentTokenRepository persistentTokenRepository;
  @Autowired
  private MyAuthenctiationSuccessHandler myAuthenctiationSuccessHandler;
  /**
   * 自定义可忽略校验路径
   */
  @Value("")
  private String[] PATH_PASS;
  @Bean
  UserDetailsService Service() {
    return new SecurityServiceImpl();
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    //资源访问
    http
        .csrf().disable()
        .authorizeRequests()
        //前端资源默认不拦截
        .antMatchers("/login","/js/**","/css/**","/image/*").permitAll()
        .antMatchers(PATH_PASS).permitAll()
        .anyRequest().authenticated()
        .and()
        .formLogin().successHandler(myAuthenctiationSuccessHandler).permitAll()
        .and()
        .httpBasic()
        .and()
        .rememberMe()
        //过期时间 15分钟
        .tokenValiditySeconds(900)
        .tokenRepository(persistentTokenRepository)
        .and()
        .logout().deleteCookies().logoutSuccessUrl("/login").permitAll();

    // 将自定义的过滤器配置在FilterSecurityInterceptor之前
    http.addFilterBefore(myFilterSecurityInterceptor(),FilterSecurityInterceptor.class);
  }


  @Override
  public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/favor.ioc");
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .userDetailsService(Service()).passwordEncoder(new PasswordEncoder() {
      @Override
      public String encode(CharSequence rawPassword) {
        return MD5Util.encode(String.valueOf(rawPassword));
      }
      @Override
      public boolean matches(CharSequence rawPassword, String encodedPassword) {
        return StringUtils.equals(MD5Util.encode(String.valueOf(rawPassword)), encodedPassword);
      }
    });

  }

  /**
   * 管理自定义的权限过滤器
   */
  @Bean
  public MyFilterSecurityInterceptor myFilterSecurityInterceptor() {
    MyFilterSecurityInterceptor myFilterSecurityInterceptor = new MyFilterSecurityInterceptor();
    myFilterSecurityInterceptor.setMyAccessDecisionManager(accessDecisionManager);
    return myFilterSecurityInterceptor;
  }
}